Infosec Articles (9/17/18 – 10/1/18)

We’ve put together our bi-weekly compilation of infosec articles from around the security industry. Read updates on botnets like Gafgyt and Virobot. Learn about hackers targerting real estate deals, and more.

For more articles, check out our #onpatrol4malware blog.

Dissecting the first Gafgyt bot implementing the “VanillaUPX technique”

Source: Security Affairs

Experts at the CSE Cybsec Z-Lab have found a Gafgyt variant implementing the VanillaUPX technique recently presented in a cybersecurity conference. Read more.

Meet Black Rose Lucy, the Latest Russian MaaS Botnet

Source: Check Point Research

Check Point Research intercepted a new MaaS product, Black Rose Lucy, developed by a Russian speaking team who have been dubbed ‘The Lucy Gang’. Read more.

Viro Botnet Ransomware Breaks Through

Source: Trend Micro

Users in the United States are now being affected by Viro botnet, which has both ransomware and botnet capabilities. Read more.

DanaBot shifts its targeting to Europe, adds new features

Source: We Live Security

ESET researchers have discovered new DanaBot campaigns targeting a number of European countries. Read more.

A report by the FBI’s Internet Crime Complaint Center said the number of victims of email fraud involving real estate transactions rose 1,110 percent between 2015 to 2017, with 2017’s losses totaling over $56 million. Read more.

A new botnet hides its C2s (Downloader and Reporter server) by using the ngrok reverse proxy service to periodically generate large number of random subdomain names. Read more.

A slew of new domains apparently related to Hurricane Florence relief efforts are now accepting donations on behalf of victims without much accountability for how the money will be spent. Read more.

VPNFilter — a multi-stage, modular framework that has infected hundreds of thousands of network devices across the globe — is now known to possess even greater capabilities. Read more.